Multimedia Tools and Applications

, Volume 74, Issue 20, pp 8791–8799 | Cite as

A study on attack information collection using virtualization technology

  • Hwan-Seok YangEmail author


Internet is used in all sectors of society by rapid changes in computing technology and expanded internet prevalence. But due to opposite effect of this, malicious code and damage of hacking is growing rapidly and the technique is becoming various. Attacker’s attack patterns and information should be collected in order to reduce the damage and cope more aggressively to attack. In this paper, we propose a system which build honeypot farm using created virtual machine dynamically by utilizing honeypot to collect attack information and virtualization technology. The created virtual machines are managed by VMSC and protocol-based intrusion detection system which shows stable performance in mass traffic to attacker’s intrusion detection is applied. Measurement of attack attempt and attack detection rate was measured to confirm the performance of the proposed system in this paper and the result of good performance through experiment was confirmed.


Virtualization Computer security Honeypot Honeynet 


  1. 1.
    Costa DG, Guedes LA (2011) “Exploiting the sensing relevancies of source nodes for optimizations in visual sensor networks.” Multimed Tools Appl 55(3)Google Scholar
  2. 2.
    Ikinci A, Holz T, Freiling FC (2008) “Monkey-spider: detecting malicious websites with low-interaction honeyclients.” In Sicherheit’08, pp. 407–421Google Scholar
  3. 3.
    Kim Y-H, Park WH (2012) A study on cyber threat prediction based on intrusion detection event for APT attack detection. Multimed Tools Appl 60(3):1–14Google Scholar
  4. 4.
    Koachev D, Cao Y, Klamma R (2012) Building mobile multimedia services: a hybrid cloud computing approach. Multimed Tools Appl 58(2):1–29Google Scholar
  5. 5.
    Kreibich C, Weaver N, Kanich C, Cui W, Paxson V (2011) “Practical containment for measuring modern malware system.” In Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference, pp. 397–412Google Scholar
  6. 6.
    Lee DH, Kim B, Kim KJ (2010) “PCA in ERP environment using the misuse detection system design and implementation of RBAC permissions.” Multimed Tools Appl 50(3)Google Scholar
  7. 7.
    Leita C, Mermoud K, Dacier M (2005) “Scriptgen: an automated script generation tool for honeyd.” In Proceedings of the 21st Annual Computer Security Application Conference(ACSAC), pp. 203–214Google Scholar
  8. 8.
    Marchette DJ (2001) Computer intrusion detection and network monitoring. Springer, New YorkzbMATHCrossRefGoogle Scholar
  9. 9.
    Nance K, Bishop M, Hay B (2008) Virtual machine introspection: observation or interface. IEEE Secur Priv 6(5):32–37CrossRefGoogle Scholar
  10. 10.
    Ning P, Xu D (2003) “Learning attack strategies from intrusion alerts.” In Proceedings of the 10th ACM Conference on Computer and Communications Security, pp. 200–209Google Scholar
  11. 11.
    Platter C, Baumann R. “White paper: honeypots,”
  12. 12.
    Provos N (2004) “A virtual honeypot framework.” In proceedings of the 13th USENIX Security Symposium, pp. 1–14Google Scholar
  13. 13.
    Spitzner L (2002) Honeypots: tracking hackers. Addison-Wesley, BostonGoogle Scholar

Copyright information

© Springer Science+Business Media New York 2013

Authors and Affiliations

  1. 1.Department of Information Security EngineeringJoongbu UniversityChungnamSouth Korea

Personalised recommendations